package com.example.sec.action;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.HTTPUtilities;

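public class TransferMoneyAction extends Action {
	/** Session attribute under which the expected CSRF token is stored. */
	private static final String SESSION_TOKEN_KEY = "ESAPIUserSessionKey";

	/**
	 * Handles a money-transfer request.
	 *
	 * <p>The request must carry a CSRF token (parameter named
	 * {@link HTTPUtilities#CSRF_TOKEN_NAME}) that is byte-identical to the value
	 * stored in the session under {@code "ESAPIUserSessionKey"}; otherwise the
	 * transfer is refused and the {@code "failure"} forward is returned with an
	 * {@code errorMessage} request attribute. The {@code cash} and {@code to}
	 * parameters must both be present and non-blank.
	 *
	 * @param mapping  the Struts mapping used to resolve forwards
	 * @param form     the action form (unused)
	 * @param request  the current request; read for the token, {@code cash} and {@code to}
	 * @param response the current response (unused)
	 * @return the {@code "success"} forward after a transfer, {@code "failure"} otherwise
	 */
	@Override
	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response) {

		System.out.println("Begin transfer money...");

		// The CSRF check happens before any state-changing work.
		String token = request.getParameter(HTTPUtilities.CSRF_TOKEN_NAME);
		// getSession(false): a request without an existing session cannot hold a
		// valid token, so there is no reason to create one here.
		HttpSession session = request.getSession(false);
		Object expected = session == null ? null : session.getAttribute(SESSION_TOKEN_KEY);

		if (!tokenMatches(token, expected)) {
			request.setAttribute("errorMessage", "The token is not matched, the money transfer will not execute");
			return mapping.findForward("failure");
		}

		String cash = request.getParameter("cash");
		String to = request.getParameter("to");

		// Reject missing parameters instead of reporting a transfer of "null" to "null".
		if (isBlank(cash) || isBlank(to)) {
			request.setAttribute("errorMessage", "Both 'cash' and 'to' are required");
			return mapping.findForward("failure");
		}

		// NOTE(review): cash/to are echoed back unchanged in "msg"; the view that
		// renders it must output-encode (ESAPI encoder or c:out) — confirm in the JSP.
		String msg = "Finish transfer money " + cash + " to " + to;
		System.out.println(msg);
		request.setAttribute("msg", msg);

		return mapping.findForward("success");
	}

	/**
	 * Compares the submitted token with the session's expected token in
	 * constant time, so the time taken does not depend on how many leading
	 * characters matched.
	 *
	 * @param presented the token from the request, may be {@code null}
	 * @param expected  the session attribute, may be {@code null} or a non-String
	 * @return {@code true} only if both are present and byte-identical
	 */
	private static boolean tokenMatches(String presented, Object expected) {
		if (presented == null || !(expected instanceof String)) {
			return false;
		}
		byte[] presentedBytes = presented.getBytes(StandardCharsets.UTF_8);
		byte[] expectedBytes = ((String) expected).getBytes(StandardCharsets.UTF_8);
		return MessageDigest.isEqual(presentedBytes, expectedBytes);
	}

	/**
	 * Returns {@code true} when the value is absent or contains only whitespace.
	 *
	 * @param value request parameter value, may be {@code null}
	 * @return whether the value is missing or blank
	 */
	private static boolean isBlank(String value) {
		return value == null || value.trim().isEmpty();
	}
}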
